[DC LoCo] thoughs about a tool to verify certain PPAs
Kenneth Stailey
kstailey at yahoo.com
Tue Oct 12 13:23:28 BST 2010
Many PPAs are simply the upstream source plus the "debian" directory.
It should not be so hard to write a tool that could download the upstream providers source code and the source code from a PPA and run a diff on them.
It would help prove that there's no monkey business in someone's PPA.
You still would have to ascertain that the debian/rules etc. do not have malware in them.
But would it be a step in the right direction?
More information about the Ubuntu-us-dc
mailing list